Xoxoday Plum provides authorised client administrators with a secure, web-based administration portal backed by role-based access control, multi-admin support, approval workflows, and enterprise security protocols including TLS 1.2 encryption, WAF protection, and AES-256 data-at-rest encryption.
The Xoxoday Plum Admin Portal
Xoxoday Plum’s administration portal is a web-based interface accessible over internet or intranet connections, designed for authorised client users to configure, operate, and govern their rewards and gifting programmes. Administrators can manage the full lifecycle of voucher and gift operations without needing direct engineering involvement. The portal is supported by robust APIs for organisations that prefer programmatic control or deeper integrations with systems such as Workday or SAP SuccessFactors. Core administration modules cover catalogue orders, voucher procurement, invoicing, merchandise and experience fulfilment, reporting, and fraud detection. Each module is governed by an authentication and authorisation layer, ensuring that every administrative action is subject to defined access policies.Multi-Admin and Granular Configuration
Xoxoday Plum supports multi-admin management, allowing your organisation to assign central and market-level administrators independently. This is particularly valuable for global programmes where regional teams require autonomy within centrally governed guardrails. Programme managers can configure budget controls at the programme, market, and campaign level — including spend limits and utilisation thresholds. Redemption policies can be enforced by quantity, IP address, email domain, or other policy attributes. Catalogue visibility is configurable per organisational unit, giving administrators precise control over which products, brands, and categories each market can access, together with country and region-level filtering to ensure geography-relevant offers. Xoxoday Plum also supports UI/UX branding settings — logos, colours, and visual styles — so that both the administration interface and the end-user experience reflect your organisation’s brand identity.Role-Based Access Control and Approval Workflows
Access governance in Xoxoday Plum follows a role-based access control (RBAC) model. Administrators are assigned roles scoped to their responsibilities — configuration, operational execution, or reporting — enforcing least-privilege access across the organisation. This reduces the risk of unauthorised changes and limits exposure in the event of a compromised account. Maker-checker approval workflows can be configured for sensitive administrative actions, adding a second layer of human oversight before changes are committed. This is especially relevant for high-value voucher issuance or catalogue modifications.Security Architecture
Xoxoday Plum applies defence-in-depth across the administration layer. A Web Application Firewall with OWASP Top 10-aligned controls and bot detection protects incoming web traffic. Multi-layer network architecture with strict firewall policies governs traffic between components. Data in transit is encrypted using TLS 1.2 over HTTPS; data at rest is encrypted using AES-256, including tenant-level encryption keying for sensitive customer data. Audit logging captures key administrative actions, providing a traceable record of who did what and when — supporting compliance requirements aligned with standards such as ISO 27001 and SOC 2 Type II. Secure integration with external systems is supported via OAuth, SSO, and encrypted transport options such as HTTPS, SFTP, and site-to-site VPN. Regular vulnerability assessment and penetration testing (VAPT) and continuous code and dependency analysis underpin ongoing risk reduction. Learn more: [Xoxoday Plum Help Centre — General](Role-Based Access Control in Xoxoday Plum
How RBAC roles and least-privilege permissions govern administrator access across your rewards programme.
Budget Controls and Spend Management
Configure programme-level, market-level, and campaign-level budgets with spend limits and utilisation tracking.
Security and Compliance Overview
Xoxoday Plum’s security architecture, certifications, encryption standards, and audit capabilities.
API and Integration Options
Connect Xoxoday Plum to Workday, SAP SuccessFactors, Darwinbox, and other enterprise systems via REST APIs and SSO.